Compare commits


13 commits

15 changed files with 129 additions and 27 deletions


@ -21,7 +21,9 @@
- codimd - codimd
- netdata - netdata
- docker_registry - docker_registry
- drone
- websites - websites
- ouroboros
smtp_host: postfix smtp_host: postfix
smtp_port: 587 smtp_port: 587


@ -3,6 +3,7 @@ nginx:
ldap: ldap:
domain: "ldap.{{ base_domain }}" domain: "ldap.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/openldap"
thelounge: thelounge:
domain: "irc.{{ base_domain }}" domain: "irc.{{ base_domain }}"
@ -22,9 +23,11 @@ fider:
matrix: matrix:
domain: "matrix.{{ base_domain }}" domain: "matrix.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/matrix"
riot: riot:
domain: "riot.{{ base_domain }}" domain: "riot.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/riot"
privatebin: privatebin:
domain: "paste.{{ base_domain }}" domain: "paste.{{ base_domain }}"
@ -49,7 +52,13 @@ data_coop_website:
cryptohagen_website: cryptohagen_website:
domain: "cryptohagen.dk" domain: "cryptohagen.dk"
drone:
domain: "drone.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/drone"
mailu: mailu:
domain: "mail.{{ base_domain }}" domain: "mail.{{ base_domain }}"
dns: 192.168.203.254 dns: 192.168.203.254
subnet: 192.168.203.0/24 subnet: 192.168.203.0/24
volume_folder: "{{ volume_root_folder }}/mailu"


@ -0,0 +1 @@
listen 8008;


@ -0,0 +1,14 @@
location /_matrix {
proxy_pass http://0.0.0.0:8008;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /.well-known/matrix/server {
default_type application/json;
return 200 '{"m.server": "matrix.data.coop:443"}';
}
location /.well-known/matrix/client {
default_type application/json;
return 200 '{"m.homeserver": {"base_url": "https://matrix.data.coop"}}';
}
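Review bot: The `proxy_pass http://0.0.0.0:8008;` in the `/_matrix` location targets the unspecified address, which only works where the kernel happens to treat 0.0.0.0 as the local host; name the upstream explicitly (a loopback address, or the container name on a shared Docker network). The two `.well-known` bodies hard-code `matrix.data.coop`, although this file is presumably one of the vhost files the playbook uploads with `template`, so `{{ matrix.domain }}` could keep the delegation in step with the group vars. Only `X-Forwarded-For` is passed on; if the backend relies on the original host or scheme, `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Proto $scheme;` are needed as well.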


@ -23,7 +23,7 @@
"feature_tabbed_settings": "enable", "feature_tabbed_settings": "enable",
"feature_sas": "enable" "feature_sas": "enable"
}, },
"welcomeUserId": "@riot-bot:matrix.org", "welcomeUserId": "",
"piwik": false, "piwik": false,
"roomDirectory": { "roomDirectory": {
"servers": [ "servers": [


@ -32,7 +32,7 @@
- name: codimd app container - name: codimd app container
docker_container: docker_container:
name: codimd_app name: codimd_app
image: hackmdio/hackmd:1.2.1 image: hackmdio/hackmd:1.3.0
restart_policy: unless-stopped restart_policy: unless-stopped
networks: networks:
- name: codimd - name: codimd
@ -51,6 +51,7 @@
CMD_LDAP_BINDCREDENTIALS: "{{ ldap_admin_password }}" CMD_LDAP_BINDCREDENTIALS: "{{ ldap_admin_password }}"
CMD_LDAP_SEARCHBASE: "dc=data,dc=coop" CMD_LDAP_SEARCHBASE: "dc=data,dc=coop"
CMD_LDAP_SEARCHFILTER: "(&(uid={{ '{{username}}' }})(objectClass=inetOrgPerson))" CMD_LDAP_SEARCHFILTER: "(&(uid={{ '{{username}}' }})(objectClass=inetOrgPerson))"
CMD_USECDN: "false"
VIRTUAL_HOST: "{{ codimd.domain }}" VIRTUAL_HOST: "{{ codimd.domain }}"
LETSENCRYPT_HOST: "{{ codimd.domain }}" LETSENCRYPT_HOST: "{{ codimd.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"


@ -0,0 +1,21 @@
---
- name: Drone container
docker_container:
name: drone
image: drone/drone:latest
restart_policy: unless-stopped
networks:
- name: external_services
volumes:
- "{{ drone.volume_folder }}:/data"
- "/var/run/docker.sock:/var/run/docker.sock"
env:
DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
DRONE_GITEA_ALWAYS_AUTH: "False"
DRONE_RUNNER_CAPACITY: "2"
DRONE_SERVER_HOST: "{{ drone.domain }}"
DRONE_SERVER_PROTO: "https"
PLUGIN_CUSTOM_DNS: "91.239.100.100"
VIRTUAL_HOST: "{{ drone.domain }}"
LETSENCRYPT_HOST: "{{ drone.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
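Review bot: The new Drone task mounts `/var/run/docker.sock` into a container pulled from the mutable tag `drone/drone:latest`, so whatever image that tag points to at deploy time gets root-equivalent control of the Docker host. Pin the image to a released version tag or a digest instead of `latest`. Nothing in the `env` block limits who may sign in and run builds; with the socket mounted, any account accepted from `{{ gitea.domain }}` can presumably start containers on the host, so consider restricting logins (Drone has a `DRONE_USER_FILTER` setting for this) and checking whether registration on the Gitea side is open. A short comment above the socket mount saying why it is needed would help the next reader.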


@ -1,26 +1,45 @@
--- ---
- name: create matrix volume folders
file:
name: "{{ matrix.volume_folder }}/{{ volume }}"
state: directory
loop:
- "db"
loop_control:
loop_var: volume
- name: create riot volume folders
file:
name: "{{ riot.volume_folder }}/{{ volume }}"
state: directory
loop:
- "data"
loop_control:
loop_var: volume
- name: matrix network - name: matrix network
docker_network: docker_network:
name: matrix name: matrix
- name: matrix database volume
docker_volume:
name: matrix_db
- name: riot volume
docker_volume:
name: riot_app
- name: upload riot config.json - name: upload riot config.json
template: template:
src: files/configs/riot-config.json src: files/configs/riot/config.json
dest: /var/lib/docker/volumes/riot_app/_data/config.json dest: "{{ riot.volume_folder }}/data/config.json"
- name: upload riot.im.conf - name: upload riot.im.conf
template: template:
src: files/configs/riot.im.conf src: files/configs/riot/riot.im.conf
dest: /var/lib/docker/volumes/riot_app/_data/riot.im.conf dest: "{{ riot.volume_folder }}/data/riot.im.conf"
- name: upload vhost config for root domain
template:
src: files/configs/matrix/vhost-root
dest: "{{ nginx.volume_folder }}/vhost/{{ base_domain }}"
- name: upload vhost config for matrix domain
template:
src: files/configs/matrix/vhost-matrix
dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}"
- name: matrix database container - name: matrix database container
docker_container: docker_container:
@ -31,7 +50,7 @@
networks: networks:
- name: matrix - name: matrix
volumes: volumes:
- matrix_db:/var/lib/postgresql/data - "{{ matrix.volume_folder }}/db:/var/lib/postgresql/data"
env: env:
POSTGRES_USER: "synapse" POSTGRES_USER: "synapse"
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}" POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
@ -44,8 +63,7 @@
networks: networks:
- name: matrix - name: matrix
published_ports: published_ports:
- 8008:8008 - "8008"
- 8448:8448
env: env:
SYNAPSE_SERVER_NAME: "{{ base_domain }}" SYNAPSE_SERVER_NAME: "{{ base_domain }}"
SYNAPSE_REPORT_STATS: "False" SYNAPSE_REPORT_STATS: "False"
@ -63,19 +81,18 @@
- name: riot container - name: riot container
docker_container: docker_container:
name: riot_app name: riot_app
image: avhost/docker-matrix-riot:v1.0.0 image: avhost/docker-matrix-riot:v1.0.1
state: started state: started
restart_policy: always restart_policy: always
networks: networks:
- name: matrix - name: matrix
- name: external_services - name: external_services
volumes:
- riot_app:/data
published_ports: published_ports:
- 8080 - "8080"
volumes:
- "{{ riot.volume_folder }}/data:/data"
env: env:
VIRTUAL_HOST: "{{ riot.domain }}" VIRTUAL_HOST: "{{ riot.domain }}"
VIRTUAL_PORT: "8080" VIRTUAL_PORT: "8080"
LETSENCRYPT_HOST: "{{ riot.domain }}" LETSENCRYPT_HOST: "{{ riot.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
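Review bot: In the hunk at `@ -44,8 +63,7`, `published_ports: - "8008"` still publishes Synapse's plaintext listener on the host, now on a random port and on every interface; Docker-published ports commonly sit outside the host firewall rules, so the listener can be reached without passing through the TLS proxy. If only nginx needs to reach it, drop `published_ports` for that container and attach it to a network the proxy shares, or bind to loopback with `"127.0.0.1:8008:8008"`. The two `create ... volume folders` tasks also set no `owner` or `mode`, so the parent of the PostgreSQL data directory gets whatever the umask yields; an explicit `mode: "0750"` or stricter is worth adding. The task that contains the port change starts outside its hunk.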


@ -4,6 +4,7 @@
docker_container: docker_container:
name: netdata name: netdata
image: netdata/netdata image: netdata/netdata
restart_policy: unless-stopped
hostname: "hevonen.servers.{{ base_domain }}" hostname: "hevonen.servers.{{ base_domain }}"
capabilities: capabilities:
- SYS_PTRACE - SYS_PTRACE


@ -1,4 +1,14 @@
--- ---
- name: create ldap volume folders
file:
name: "{{ ldap.volume_folder }}/{{ volume }}"
state: directory
loop:
- "var/lib/ldap"
- "etc/slapd"
- "certs"
loop_control:
loop_var: volume
- name: Create a network for ldap - name: Create a network for ldap
docker_network: docker_network:
@ -11,9 +21,9 @@
tty: true tty: true
interactive: true interactive: true
volumes: volumes:
- /var/lib/ldap - "{{ ldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
- /etc/ldap/slapd.d - "{{ ldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
- /container/service/slapd/assets/certs/ - "{{ ldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
published_ports: published_ports:
- "389:389" - "389:389"
- "636:636" - "636:636"
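Review bot: The loop in `create ldap volume folders` creates `etc/slapd`, but the bind mount uses `{{ ldap.volume_folder }}/etc/slapd.d`, so that directory is never pre-created and Docker will create it itself as root; the loop item should read `- "etc/slapd.d"`. The `certs` directory will hold the server's TLS key material and `var/lib/ldap` the directory database, yet the `file` task sets no `owner` or `mode`; add a restrictive one such as `mode: "0700"` (the right owner depends on the uid the image runs slapd as, which is not visible here). The container task that holds the mounts starts outside the second hunk.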


@ -0,0 +1,18 @@
---
- name: ouroboros container
docker_container:
name: ouroboros
image: pyouroboros/ouroboros
restart_policy: unless-stopped
networks:
- name: external_services
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /root/.docker/config.json:/root/.docker/config.json
env:
LABEL_ENABLE: "true"
LABELS_ONLY: "true"
CLEANUP: "true"
LATEST: "true"
CRON: "*/1 * * * *"
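Review bot: This task hands an untagged image, `pyouroboros/ouroboros`, both the Docker socket and root's registry credentials in `/root/.docker/config.json`, and both mounts are read-write. Pin the image to a version tag or digest, and mount the credentials file read-only with `- /root/.docker/config.json:/root/.docker/config.json:ro`. With `CRON: "*/1 * * * *"` and `LATEST: "true"`, every labelled container is replaced within about a minute of a new image appearing in its registry, so push access to that registry becomes deploy access to this host; that trust decision deserves a comment above the task.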


@ -4,6 +4,7 @@
docker_container: docker_container:
name: postfix name: postfix
image: boky/postfix image: boky/postfix
restart_policy: unless-stopped
networks: networks:
- name: postfix - name: postfix
env: env:


@ -2,18 +2,22 @@
- name: setup data.coop website docker container - name: setup data.coop website docker container
docker_container: docker_container:
name: website name: data.coop_website
image: docker.data.coop/data-coop-website image: docker.data.coop/data-coop-website
restart_policy: unless-stopped
networks: networks:
- name: external_services - name: external_services
env: env:
VIRTUAL_HOST : "{{ data_coop_website.domain }}" VIRTUAL_HOST : "{{ data_coop_website.domain }}"
LETSENCRYPT_HOST: "{{ data_coop_website.domain }}" LETSENCRYPT_HOST: "{{ data_coop_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.ouroboros.enable: "true"
- name: setup cryptohagen.dk website docker container - name: setup cryptohagen.dk website docker container
docker_container: docker_container:
name: website name: cryptohagen_website
restart_policy: unless-stopped
image: docker.data.coop/cryptohagen-website image: docker.data.coop/cryptohagen-website
networks: networks:
- name: external_services - name: external_services
@ -21,3 +25,5 @@
VIRTUAL_HOST : "{{ cryptohagen_website.domain }}" VIRTUAL_HOST : "{{ cryptohagen_website.domain }}"
LETSENCRYPT_HOST: "{{ cryptohagen_website.domain }}" LETSENCRYPT_HOST: "{{ cryptohagen_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.ouroboros.enable: "true"
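Review bot: Renaming the containers from `website` to `data.coop_website` and `cryptohagen_website` leaves any existing container called `website` running, because nothing in these tasks removes it. That container keeps its `VIRTUAL_HOST` value, so the proxy may go on routing some requests to a stale copy that never receives the `com.ouroboros.enable` label and so is never updated. Add a cleanup task ahead of these two that uses `docker_container` with `name: website` and `state: absent`.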


@ -7,4 +7,5 @@
- aptitude - aptitude
- python3-pip - python3-pip
- apparmor - apparmor
- haveged